Welcome!

@CloudExpo Authors: Liz McMillan, Elizabeth White, Yeshim Deniz, Pat Romanski, Zakia Bouachraoui

Related Topics: @CloudExpo

@CloudExpo: Article

Cloud Computing Security Threats Come from Inside

Dr. Richard Zhao Outlines CSA Threats in Shanghai

Security breaches in the world of IT are "an inside job at least 70% of the time," according to Richard Zhao, founder of the Greater China Chapter of the Cloud Security Alliance (CSA). Dr. Zhao, speaking to a group of IT executives in Shanghai, did his best to terrify everyone present, taking the audience through a list of seven major security threats put together by a team of CSA members.

The list includes: the "nefarious use" of Cloud Computing, insecure interfaces and APIs, malicious insiders, shared technology issues, data loss or leakage, account or service hijacking, and unknown risk profiles.

He noted a particular threat by insiders. Mirroring criminal practice in all industries, he noted that insiders are involved in 70% to 80% of all IT crime--whether out of anger or as part of organized criminal or espionage activities.

There Will Be Remediation
Without "the inside job," the plot of most Hollywood thrillers would never leave the station. The CSA document notes that there is no universal, effective remedy in this area, but it does urge several remediation measures: Enforce strict supply chain management and conduct acomprehensive supplier assessment, specify human resource requirements as part of legal contracts, require transparency into overall information security andmanagement practices (as well as compliance reporting), and determine security breach notification processes.

With this in mind, I spoke recently to an executive of a company that attacks this problem, in virtualized environments, through limiting root access to the hypervisor. He also mentioned that not all inside vulnerabilities are exploited deliberately; sometimes bad things can happen through a simple "fat finger" error. After I've transcribed our interview and cleaned it up a bit, I'll post more about the company and its strategy.

More Stories By Roger Strukhoff

Roger Strukhoff (@IoT2040) is Executive Director of the Tau Institute for Global ICT Research, with offices in Illinois and Manila. He is Conference Chair of @CloudExpo & @ThingsExpo, and Editor of SYS-CON Media's CloudComputing BigData & IoT Journals. He holds a BA from Knox College & conducted MBA studies at CSU-East Bay.

CloudEXPO Stories
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
The technologies behind big data and cloud computing are converging quickly, offering businesses new capabilities for fast, easy, wide-ranging access to data. However, to capitalize on the cost-efficiencies and time-to-value opportunities of analytics in the cloud, big data and cloud technologies must be integrated and managed properly. Pythian's Director of Big Data and Data Science, Danil Zburivsky will explore: The main technology components and best practices being deployed to take advantage of data and analytics in the cloud, Architecture, integration, governance and security scenarios and Key challenges and success factors of moving data and analytics to the cloud
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.